Hacky little Python script to get Windows Version directly out of running process memory. This is a toy. Not sure why you would really want to do this.

unsafe_windows_ver.py

"""
Hacky little Python script to get Windows Version directly
out of running process memory.

This is a toy. Not sure why you would really want to do this.

Windows undocumented API: https://stackoverflow.com/a/79014708/8524178

Requires the unsafe.py file from https://github.com/DavidBuchanan314/unsafe-python/blob/main/unsafe.py
"""
import unsafe
mem = unsafe.getmem()

user_data = 0x7ffe0000
win_major_ver = mem[user_data + 0x26c: user_data + 0x26c + 4] # bytearray(b'\n\x00\x00\x00')
win_major_ver = int.from_bytes(mem[user_data + 0x26c: user_data + 0x26c + 4], "little")
win_minor_ver = int.from_bytes(mem[user_data + 0x270: user_data + 0x270 + 4], "little")
win_build_num = int.from_bytes(mem[user_data + 0x260: user_data + 0x260 + 4], "little")

print(f"Windows version: {win_major_ver}.{win_minor_ver}.{win_build_num}")
# Windows version: 10.0.19045

import platform
print(f"Windows version: {platform.win32_ver()}")
# Windows version: 10.0.19045